Mock: privilege escalation for users that can access mock configuration
Mock contains a privilege escalation vulnerability that could allow an attacker to execute arbitrary code with root privileges. The weakness stems from the absence of proper sandboxing when Jinja2 templates, which may be included in certain configuration parameters, are expanded and executed. While the Mock documentation advises treating users added to the mock group as privileged, some build systems that invoke mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially allowing Jinja2 templates to be used for remote privilege escalation and the execution of arbitrary code as the root user on the build server.
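An added example, not Mock's own code: a pre-flight check that a build-system front end could run on user-supplied configuration values before handing them to mock, rejecting any that contain Jinja2 template syntax. It assumes Jinja2's default delimiters; the option names and sample values are hypothetical and constructed.

```python
import re

# Opening delimiters of Jinja2's default syntax: {{ expr }}, {% stmt %}, {# comment #}.
# Assumption: the consumer of these values uses Jinja2's default delimiters.
JINJA_OPEN = re.compile(r"\{\{|\{%|\{#")


def template_findings(value, path="opts"):
    """Walk a nested option structure; return paths of strings holding Jinja2 syntax."""
    found = []
    if isinstance(value, str):
        if JINJA_OPEN.search(value):
            found.append(path)
    elif isinstance(value, dict):
        for key, item in value.items():
            # Keys are checked too: a templated key is as suspicious as a value.
            if isinstance(key, str) and JINJA_OPEN.search(key):
                found.append(f"{path}[{key!r}] (key)")
            found.extend(template_findings(item, f"{path}[{key!r}]"))
    elif isinstance(value, (list, tuple)):
        for index, item in enumerate(value):
            found.extend(template_findings(item, f"{path}[{index}]"))
    return found


def split_user_options(options):
    """Partition top-level options into (accepted, rejected) before mock sees them."""
    accepted, rejected = {}, {}
    for name, value in options.items():
        hits = template_findings({name: value})
        if hits:
            rejected[name] = hits
        else:
            accepted[name] = value
    return accepted, rejected


# Constructed sample: hypothetical option names, harmless template expressions.
SAMPLE = {
    "build_tag": "f39-candidate",
    "description": "nightly {{ 1 + 1 }}",
    "macros": {"%dist": ".fc39", "%vendor": ["ok", "{% if true %}x{% endif %}"]},
}

if __name__ == "__main__":
    ok, bad = split_user_options(SAMPLE)
    print("accepted:", sorted(ok))
    for name, hits in bad.items():
        print("rejected:", name, "->", hits)
```

Rejecting the whole option rather than stripping the delimiters avoids passing a partially rewritten value on to the privileged process.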
Affected products
Matching in nixpkgs
pkgs.cmocka
Lightweight library to simplify and generalize unit tests for C
- nixos-unstable -
- nixpkgs-unstable 1.1.7
pkgs.mockgen
Mocking framework for the Go programming language
- nixos-unstable -
- nixpkgs-unstable 0.6.0
pkgs.mockoon
Easiest and quickest way to run mock APIs locally
- nixos-unstable -
- nixpkgs-unstable 9.3.0
pkgs.umockdev
Mock hardware devices for creating unit tests
- nixos-unstable -
- nixpkgs-unstable 0.19.3
pkgs.uhttpmock
Project for mocking web service APIs which use HTTP or HTTPS
- nixos-unstable -
- nixpkgs-unstable 0.5.5
pkgs.go-mockery
Mock code autogenerator for Golang
- nixos-unstable -
- nixpkgs-unstable 3.5.4
pkgs.go-minimock
Golang mock generator from interfaces
- nixos-unstable -
- nixpkgs-unstable 3.4.7
pkgs.mockobjects
Generic unit testing framework and methodology for testing any kind of code
- nixos-unstable -
- nixpkgs-unstable 0.09
pkgs.go-mockery_2
Mock code autogenerator for Golang - v2
- nixos-unstable -
- nixpkgs-unstable mockery_2-2.53.5
pkgs.libqtdbusmock
Library for mocking DBus interactions using Qt
- nixos-unstable -
- nixpkgs-unstable 0.9.1
pkgs.uhttpmock_1_0
Project for mocking web service APIs which use HTTP or HTTPS
- nixos-unstable -
- nixpkgs-unstable 0.11.0
pkgs.python312Packages.mock
Rolling backport of unittest.mock for all Pythons
- nixos-unstable -
- nixpkgs-unstable 5.2.0
pkgs.python313Packages.mock
Rolling backport of unittest.mock for all Pythons
- nixos-unstable -
- nixpkgs-unstable 5.2.0
pkgs.haskellPackages.mockcat
Mock library for test in Haskell
- nixos-unstable -
- nixpkgs-unstable 0.5.2.0
pkgs.haskellPackages.mockery
Support functions for automated testing
- nixos-unstable -
- nixpkgs-unstable 0.3.5
pkgs.python312Packages.mocket
Socket mock framework for all kinds of sockets including web-clients
- nixos-unstable -
- nixpkgs-unstable 3.13.11
pkgs.python312Packages.mockfs
Simple mock filesystem for use in unit tests
- nixos-unstable -
- nixpkgs-unstable 1.1.4
pkgs.python313Packages.mocket
Socket mock framework for all kinds of sockets including web-clients
- nixos-unstable -
- nixpkgs-unstable 3.13.11
pkgs.python313Packages.mockfs
Simple mock filesystem for use in unit tests
- nixos-unstable -
- nixpkgs-unstable 1.1.4
pkgs.rubyPackages.rspec-mocks
None
- nixos-unstable -
- nixpkgs-unstable 3.13.5
pkgs.gnomeExtensions.mock-tray
Creates an invisible system tray (TopIcons) for apps (like MEGAsync) that won't run properly without one.
- nixos-unstable -
- nixpkgs-unstable 4
pkgs.haskellPackages.http-mock
HTTP mocking and expectations library for Haskell
- nixos-unstable -
- nixpkgs-unstable 0.1.0.0
pkgs.haskellPackages.mock-time
Mock time in tests
- nixos-unstable -
- nixpkgs-unstable 0.1.1
pkgs.python312Packages.httmock
Mocking library for requests
- nixos-unstable -
- nixpkgs-unstable 1.4.0
pkgs.python312Packages.mockito
Spying framework
- nixos-unstable -
- nixpkgs-unstable 1.5.4
pkgs.python313Packages.httmock
Mocking library for requests
- nixos-unstable -
- nixpkgs-unstable 1.4.0
pkgs.python313Packages.mockito
Spying framework
- nixos-unstable -
- nixpkgs-unstable 1.5.4
pkgs.python312Packages.flexmock
Testing library that makes it easy to create mocks,stubs and fakes
- nixos-unstable -
- nixpkgs-unstable 0.12.2
pkgs.python312Packages.minimock
Minimalistic mocking library
- nixos-unstable -
- nixpkgs-unstable 1.3.0
pkgs.python313Packages.flexmock
Testing library that makes it easy to create mocks,stubs and fakes
- nixos-unstable -
- nixpkgs-unstable 0.12.2
pkgs.python313Packages.minimock
Minimalistic mocking library
- nixos-unstable -
- nixpkgs-unstable 1.3.0
pkgs.python312Packages.mock-open
Better mock for file I/O
- nixos-unstable -
- nixpkgs-unstable 1.4.0
pkgs.python312Packages.mongomock
Fake pymongo stub for testing simple MongoDB-dependent code
- nixos-unstable -
- nixpkgs-unstable 4.3.0
pkgs.python313Packages.mock-open
Better mock for file I/O
- nixos-unstable -
- nixpkgs-unstable 1.4.0
pkgs.python313Packages.mongomock
Fake pymongo stub for testing simple MongoDB-dependent code
- nixos-unstable -
- nixpkgs-unstable 4.3.0
pkgs.python312Packages.types-mock
Type stub package for the mock package
- nixos-unstable -
- nixpkgs-unstable 5.2.0.20250809
pkgs.python313Packages.types-mock
Type stub package for the mock package
- nixos-unstable -
- nixpkgs-unstable 5.2.0.20250809
pkgs.rubyPackages_3_1.rspec-mocks
None
- nixos-unstable -
- nixpkgs-unstable 3.13.5
pkgs.rubyPackages_3_2.rspec-mocks
None
- nixos-unstable -
- nixpkgs-unstable 3.13.5
pkgs.rubyPackages_3_3.rspec-mocks
None
- nixos-unstable -
- nixpkgs-unstable 3.13.5
pkgs.rubyPackages_3_4.rspec-mocks
None
- nixos-unstable -
- nixpkgs-unstable 3.13.5
pkgs.haskellPackages.typeable-mock
Mock functions and expressions anywhere
- nixos-unstable -
- nixpkgs-unstable 0.1.0.1
pkgs.python312Packages.mock-django
Simple library for mocking certain Django behavior, such as the ORM
- nixos-unstable -
- nixpkgs-unstable 0.6.10
pkgs.python312Packages.pytest-mock
Thin wrapper around the mock package for easier use with pytest
- nixos-unstable -
- nixpkgs-unstable 3.14.1
pkgs.python313Packages.mock-django
Simple library for mocking certain Django behavior, such as the ORM
- nixos-unstable -
- nixpkgs-unstable 0.6.10
pkgs.python313Packages.pytest-mock
Thin wrapper around the mock package for easier use with pytest
- nixos-unstable -
- nixpkgs-unstable 3.14.1
pkgs.haskellPackages.polysemy-mocks
Mocking framework for polysemy effects
- nixos-unstable -
- nixpkgs-unstable 0.3.1.0
pkgs.python312Packages.mock-services
Mock an entire service API based on requests-mock
- nixos-unstable -
- nixpkgs-unstable 0.3.1
pkgs.python312Packages.requests-mock
Mock out responses from the requests package
- nixos-unstable -
- nixpkgs-unstable 1.12.1
pkgs.python313Packages.mock-services
Mock an entire service API based on requests-mock
- nixos-unstable -
- nixpkgs-unstable 0.3.1
pkgs.python313Packages.requests-mock
Mock out responses from the requests package
- nixos-unstable -
- nixpkgs-unstable 1.12.1
pkgs.python312Packages.pytest-mockito
Base fixtures for mockito
- nixos-unstable -
- nixpkgs-unstable 0.0.4
pkgs.python313Packages.pytest-mockito
Base fixtures for mockito
- nixos-unstable -
- nixpkgs-unstable 0.0.4
pkgs.python312Packages.mock-ssh-server
Python mock SSH server for testing purposes
- nixos-unstable -
- nixpkgs-unstable 0.9.1
pkgs.python312Packages.python-dbusmock
Mock D-Bus objects for tests
- nixos-unstable -
- nixpkgs-unstable 0.36.0
pkgs.python313Packages.mock-ssh-server
Python mock SSH server for testing purposes
- nixos-unstable -
- nixpkgs-unstable 0.9.1
pkgs.python313Packages.python-dbusmock
Mock D-Bus objects for tests
- nixos-unstable -
- nixpkgs-unstable 0.36.0
pkgs.python312Packages.pytest-mockservers
Set of fixtures to test your requests to HTTP/UDP servers
- nixos-unstable -
- nixpkgs-unstable 0.6.0
pkgs.python313Packages.pytest-mockservers
Set of fixtures to test your requests to HTTP/UDP servers
- nixos-unstable -
- nixpkgs-unstable 0.6.0
Package maintainers
- @rasendubi Alexey Shmalko <rasen.dubi@gmail.com>
- @kragniz Louis Taylor <louis@kragniz.eu>
- @ymatsiuk Yurii Matsiuk
- @honnip Jung seungwoo <me@honnip.page>
- @svrana Shaw Vrana <shaw@vranix.com>
- @06kellyjac Jack <hello+nixpkgs@j-k.io>
- @cideM Florian Beeres <yuuki@protonmail.com>
- @OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
- @dit7ya Mostly Void <7rat13@gmail.com>
- @nyanloutre Paul Trehiou <paul@nyanlout.re>
- @drewrisinger Drew Risinger <drisinger+nixpkgs@gmail.com>
- @Defelo Defelo
- @dotlambda Robert Schütz <rschuetz17@gmail.com>
- @fabaff Fabian Affolter <mail@fabian-affolter.ch>
- @gador Florian Brandes <florian.brandes@posteo.de>
- @callahad Dan Callahan <dan.callahan@gmail.com>
- @bobby285271 Bobby Rong <rjl931189261@126.com>
- @jtojnar Jan Tojnar <jtojnar@gmail.com>
- @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
- @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
- @flokli Florian Klink <flokli@flokli.de>
- @bobvanderlinden Bob van der Linden <bobvanderlinden@gmail.com>
- @anthonyroussel Anthony Roussel <anthony@roussel.dev>